Threatlabz

Zscaler ThreatLabZ is the global security research team for Zscaler. Leveraging an aggregate view of billions of daily web transaction, from millions of users across the globe, Zscaler ThreatLabZ identifies new and emerging threats as they occur, and deploys protections across the Zscaler Security Cloud in real time to protect you from advanced threats.

Zulu is a dynamic risk scoring engine for web based content. For a given URL, Zulu will
retrieve the content and apply a variety of checks in three different categories:
Content, URL and Host checks. Try It >

Example of Likejacking: hidden Facebook Like widgets follows the mouse
Usually, these spam website try to get the user to click at a specific area on the page where they have hidden one or more Like buttons. On this page, the Like Button is always under the mouse, through out the page. See how spammers are using Likejacking to add a link to their page in their profile, and how the free browser extension Zscaler Likejacking Prevention can help users.

Protect your self against
Facebook spam: Zscaler
Tool for "LikeJacking" Protection
Facebook widgets, including the "Like" buttons, are often used to spread spam and propagate scams. Typically, the scammer creates a page with a fake video player. Users are tricked into clicking on Facebook Like buttons hidden behind a fake Play button. This is called Likejacking, and it's a specific form of clickjacking. I have posted a Youtube video showing in June that explains how these Facebook widgets are disguised.

Black Hat Spam SEO
For some time, attackers have leveraged Search Engine Optimization (SEO) techniques in order to promote malicious web content targeting end users. Google has researched this phenomenon and recently announced that fake antivirus pages now represent 60% of the malware associated with popular search terms and these attacks continue to grow in prevalence.

fake Youtube "Hot Video" pages
A Google Search for "Hot Video" shows fake Youtube pages. These pages redirect to a fake antivirus page. The malicious executable is detected by less than 21% of the antivirus vendors.

Malicious Fake AV page
(no sound)
A malicious page shows a Fake antivirus in action that supposedly found malware on the user computer. The page would then prompt the user to download and install a free antivirus. The executable is actually a malware.